security-best-practicesReview code with secure-by-default standards, prioritize exploitable risks, and deliver minimal-diff fixes with evidence and regression checks.
Install via ClawdBot CLI:
clawdbot install ivangdavila/security-best-practicesGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://clawic.com/skills/security-best-practicesAudited Apr 17, 2026 · audit v1.0
Generated Mar 20, 2026
A financial technology startup is developing a new payment processing API and needs to ensure it meets secure-by-default standards before launch. This skill helps systematically review authentication, input validation, and secrets handling to prioritize exploitable risks like injection attacks or data leaks, delivering minimal-diff fixes with evidence.
An e-commerce company discovers security flaws in its checkout module during a penetration test. Using this skill, the team can triage risks based on exploitability, map findings to a consistent baseline, and apply safe remediation patterns to fix issues like insecure dependencies or authorization gaps without disrupting user experience.
A healthcare provider is updating its patient management system to comply with regulations like HIPAA. This skill assists in reviewing logging, error handling, and data exposure controls, producing verifiable findings with severity scores and minimal-risk fixes to address vulnerabilities while maintaining audit trails and exception logs.
A SaaS startup wants to embed security reviews into its CI/CD pipeline to catch vulnerabilities early. This skill provides a repeatable workflow with evidence standards, helping prioritize issues like configuration safety and supply chain risks, and integrates with related skills like devops for operational safeguards.
Companies offering cloud-based services use this skill to conduct regular security reviews, ensuring their platforms remain secure against evolving threats. It helps prioritize exploitable risks and deliver actionable fixes, reducing breach risks and maintaining customer trust, which supports recurring revenue streams.
Security consulting firms leverage this skill to provide structured vulnerability assessments and remediation planning for clients. By following core rules like establishing evidence first and prioritizing exploitability, they deliver high-confidence reports that justify project fees and enhance service value.
Large enterprises developing internal or commercial software use this skill to enforce secure-by-default standards across teams. It aids in risk triage and minimal-diff fixes, reducing technical debt and compliance costs, which contributes to revenue through improved product security and reduced incident-related losses.
💬 Integration Tip
Start by reading setup.md to configure local memory files, then use review-playbook.md for systematic scans to avoid ad-hoc reviews and ensure consistent evidence collection.
Scored Apr 19, 2026
Use the @steipete/oracle CLI to bundle a prompt plus the right files and get a second-model review (API or browser) for debugging, refactors, design checks, or cross-validation.
This skill should be used when the user needs to analyze frontend project architecture evaluate tech stack choices review component design patterns assess bu...
Write, run, and manage unit, integration, and E2E tests across TypeScript, Python, and Swift using recommended frameworks.
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.
Control desktop applications on Windows — launch, close, focus, resize, move windows, simulate keyboard/mouse input, manage processes, control VSCode, read clipboard, and capture screen info. Use when the user wants to interact with any running program, switch windows, type text, press shortcuts, open files in VSCode, manage running processes, or get system display information.
A comprehensive skill for using the Cursor CLI agent for various software engineering tasks (updated for 2026 features, includes tmux automation guide).